Submission #597524: yzcheng90 X-SpringBoot master branch Path Traversal

Title: yzcheng90 X-SpringBoot master branch Path Traversal

Description: In the X-SpringBoot project, the file upload API /sys/oss/upload/apk contains the following issue: The method creates a temporary file using the filename obtained from external parameters, and deletes the temporary file after copying. An attacker can exploit this by crafting the path of the temporary file to delete any .apk file on the system. Moreover, invoking this interface does not require any permission verification.

Project Link: https://github.com/yzcheng90/X-SpringBoot
Affected Version: master branch
Affected API: /sys/oss/upload/apk
Code Location: /src/main/java/com/suke/czx/modules/oss/controller/SysOssController.java:83

Source: https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250616-03.md
User: ShenxiuSecurity (UID 84374)
Submission: 2025-06-16 08:36 (1 year ago)
Moderation: 2025-06-26 17:54 (10 days later)
Status: Accepted
VulDB entry: 314006 [yzcheng90 X-SpringBoot up to 5.0 APK File /sys/oss/upload/apk uploadApk File directory traversal]
Points: 20
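
A hardened form of the temporary-file handling described above, as an added example that is not code from X-SpringBoot or from the report. The class name `SafeApkStaging`, its methods and the staging directory are assumptions for illustration: the server chooses the temporary name, and deletion is refused for any path that resolves outside the staging directory.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.Locale;

// Added illustration; SafeApkStaging and its methods are hypothetical names,
// not part of X-SpringBoot.
public class SafeApkStaging {

    // Stage an upload under stagingDir without using the client filename as a path.
    static Path stage(Path stagingDir, String clientName, InputStream body) throws IOException {
        // The client-supplied name is used only for an extension check.
        if (clientName == null || !clientName.toLowerCase(Locale.ROOT).endsWith(".apk")) {
            throw new IllegalArgumentException("only .apk uploads are accepted");
        }
        Path base = stagingDir.toRealPath();
        // The server picks the temporary name, so "../" in clientName has no effect.
        Path tmp = Files.createTempFile(base, "upload-", ".apk");
        Files.copy(body, tmp, StandardCopyOption.REPLACE_EXISTING);
        return tmp;
    }

    // Delete a staged file only if it resolves to a location inside stagingDir.
    static boolean deleteStaged(Path stagingDir, Path candidate) throws IOException {
        Path base = stagingDir.toRealPath();
        Path target = candidate.toAbsolutePath().normalize();
        if (!target.startsWith(base) || target.equals(base)) {
            return false; // refuse anything outside the staging directory
        }
        return Files.deleteIfExists(target);
    }

    public static void main(String[] args) throws IOException {
        Path staging = Files.createTempDirectory("apk-staging");
        Path victim = Files.createTempFile("unrelated-", ".apk"); // constructed file outside staging
        // Constructed traversal-style filename of the kind the report describes.
        String hostile = "../" + victim.getFileName();
        Path staged = stage(staging, hostile, new ByteArrayInputStream(new byte[] {1, 2, 3}));
        System.out.println("staged inside staging dir: " + staged.startsWith(staging.toRealPath()));
        System.out.println("delete staged: " + deleteStaged(staging, staged));
        System.out.println("delete outside refused: " + !deleteStaged(staging, staging.resolve(hostile)));
        System.out.println("unrelated file still exists: " + Files.exists(victim));
        Files.deleteIfExists(victim);
    }
}
```

The report also notes that the endpoint needs no permission verification; this sketch covers only the file handling, so an authorization check on the route is a separate fix.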